2012-06-02 - Russ Allbery <rra@debian.org>
libpam-krb5 (4.6-1) unstable; urgency=low
* New upstream release.
- New anon_fast option to attempt anonymous authentication and use
those credentials to provide FAST armor. (Closes: #626509)
- New user_realm option to set the realm for unqualified user
principals without changing the default realm for all other
operations.
- New no_prompt option to suppress PAM prompting in favor of letting
the Kerberos library handle it. (Closes: #626506)
- New silent option that duplicates the behavior of PAM_SILENT.
- New trace option for preliminary support of Kerberos trace logging.
- Fix the doubled colon in password prompts from Heimdal.
- Preserve the realm of the authentication identity when forming an
alt_auth_map identity.
- Allow the alt_auth_map format to contain a realm to force all mapped
principals to be in that realm.
- Avoid a NULL pointer dereference if krb5_init_context fails.
(LP: #998525)
- Close memory leaks in search_k5login and alt_auth_map.
- Suppress bogus error messages about the realm option.
- Retry authentication under try_first_pass for several other error
conditions.
* Regenerate the Autotools build system with dh-autoreconf.
* Add krb5-config to Build-Depends so that the test programs don't abort
with errors about not having a Kerberos configuration.
* Switch to xz compression for the upstream and Debian tarballs.
* Enable parallel builds.
* Update standards version to 3.9.3 (no changes required).